Re: C versus other languages, round 538 or so (Re: CGI scripts in sh)

[Ben Galehouse <bgalehou () PACBELL NET>]

Jonathan James wrote:
> A well experienced C/C++ programmer knows how to avoid the black holes that
> exist in regards to buffer overflows/unexpected input.
> All you have to do is to structure and think through your software design
> thoroughly before you turn your idea into code.

In theory, theory in practice are the same, in practice....

In theory, de-allocation of RAM is something that the programmer can
take care of.  In practice, I once heard a CMU C.S. prof (one of the
less theory oriented ones) discuss debugging some X-windows program
which kept seg-faulting.  He couldn't figure out which pointer was being
held by the libraries, so he was randomly removing free statements.

In theory, buffer overflows are avoidable and findable.  In practice,
they keep popping up, often after years of code audit.

In theory, the unix 2-level trust model provides all the security that
one could possibly need.  In practice, I'd love an easy way to tell the
OS to only let a web-browser or email reader access certain files.

> As for C v. Perl I would choose C.
> Why? Because Perl is an interpreted language, we don't know if there exists
> any flaw in the perl interpreter. When you create a CGI script using C you
> know what you get. The CGI scripts run faster offers more control and
> possibilities, you can distribute your CGI scripts without giving away the
> sourcecode.

Have you ever worked on a sizable program?  Especially a CGI script, or
system thereof?  If I want a program that executes wrinkle free, I'll
write it in Standard ML and execute it on of those little byte compiler
systems for it.  If, in addition, I need for others to be able to read
it or maintain it, I'll write it in Java (the ussual case).